Overview

Before using any of the Britive features, you need to onboard users in Britive. The users can be internal Britive users and/or external users fetched from Identity providers.

Onboarding users need the following steps:

1. Onboarding users
2. Assigning admin privileges to users

1. Onboarding Users

Adding Britive Users

• Login to Britive with administrator privileges.
• Click Admin -> Identity Management.
• Click on the ADD USER button.
• Enter the following values on the Add User page:
  1. Enter the user details such as First name, Last Name, Email, and Username.
  2. Select the identity provider. An identity provider (IdP) is a service that stores and verifies user identity. The default identity provider for any user is Britive. To create external users, see Onboarding External Users.
  3. Enter the password as per the rules mentioned on the page for Britive internal users and click the Generate Password button.
  4. Check the Send password to the user if you want to send this password via email to the user.
  5. Check Send password to additional recipients if you want to email this password to five recipients.
  6. Click ADD USER.

Managing Britive Users

An administrator can manage the user details by clicking the Manage icon for any user.

• EDIT: Update the user details.
• RESET PASSWORD: Reset the user password.
• DELETE MFA DEVICES: Delete the existing MFA devices used for authentication by this user. An administrator can select from the Authentication Device or Step-up Verification Device for the selected user. Once deleted, the selected user has to re-register a new device for verification. 

Managing External Users

An administrator can manage the external user details by clicking the Manage icon for an external user.

• EDIT: Update the user details.
• DELETE STEP-UP VERIFICATION DEVICE: Delete the step-up verification device used for authentication by this user. Once deleted, the selected user has to re-register a new device for verification.

Creating Service Identities

Service identities are non-human identities used for non-interactive use cases like automation, scripting, etc. Service identities use token-based authentication. You need to create a token for a service identity with a validity date and save it.

For more information about service identities, see Service Identity Federation.

Creating Tags

Tags are a group of users and/or service identities. Tags are created to manage multiple users and service identities that have the same access to Britive.

1. Login to Britive with administrator privileges.
2. Click Admin -> Identity Management.
3. Select the Tags tab and click on the ADD TAG button.
4. Enter the following on the Add a Tag page:
   1. Enter the name and description of the tag.
   2. Select the Identity Provider from the drop-down list. Tags added for identity providers other than Britive are marked as external tags.
   3. Click the Save button.
5. Select the method of adding identities to a tag:
   1. Static Members: You can select the users and service identities from the list.
      1. Click Add Identities to add users or service identities to this tag.
      2. Select the users or service identities and click Add icon from the Action column.
      3. Click Done.
   2. Membership Rule: You can dynamically add users or service identities to the Britive(Internal) tags. All the users and/or service identities that match the criteria are added to the tag.
      1. Click Add Criteria to add a new rule or Edit to update the existing criteria.
      2. Select the Attribute, Operator, and Value for the criteria. Supported Operators are “is” and “contains.” Identity attributes must be either String or Number data type in the membership rule. Each criterion can also be refined using OR operator for each attribute. For example: ( First Name contains "A" or "B" or "C") AND (City is "XYZ")
      3. Click the Checkmark icon. You can add multiple criteria which are appended by the AND clause.
      4. Click Save.
      5. Click View matching identities to view the identities matching the criteria.
6. Grant access to Britive based on the identity requirements using Britive Authorization.

Creating Identity Providers

An identity provider (IdP) is a service that stores and verifies user identity. The default identity provider for any user is Britive. For more information about creating identity providers, see Creating Identity Providers.

Creating Identity Attributes

Identity attributes are used for mapping the attributes fetched from IdP to Britive. The Base attributes are mandatory in Britive and can not be edited/deleted.  The base attributes are Email, Last Name, Mobile, First Name, Username, Status, and Phone.

You can create custom attributes that are additional to Base attributes and can be mapped based on the user requirements. 

1. Login to Britive with administrator privileges.
2. Click Admin -> Identity Management.
3. Select the Identity Attributes tab and click on ADD IDENTITY ATTRIBUTE button.
4. Enter the following in the Add Identity Attributes dialog box:
   1. Enter the name and description of an attribute.
   2. Select the attribute type.
   3. Click ADD IDENTITY ATTRIBUTE button.

Onboarding External Users

You can onboard external users by configuring Identity Providers (IdP) like Azure, Okta, etc. in Britive. For more information about integration with different IDPs, see  Identity Provider Integration Guides.

2. Assigning Admin privilege to users

After adding an admin user/tags/service identities, grant an admin privilege by adding that user to TenantAdminPolicy by using the following steps:

1. Login to Britive.
2. Click on Admin->Role & Policy Management->Policies.
3. Search for TenantAdminPolicy and click the Manage policy icon.
4. Click Edit.
5. Select the user and click Save.

For more information about policy management, see Britive Authorization.